Health IT Safety: Regulations Looming?

The Food and Drug Administration should regulate health information technology if stepped-up efforts to improve IT safety fail to achieve adequate results, a federal advisory group recommends in a new report on IT risks. The FDA, which already regulates medical devices, such as pacemakers and insulin pumps, does not regulate electronic health records.

The Institute of Medicine formed a study committee that prepared the report. The panel recommends that the Department of Health and Human Services "monitor and publicly report on the progress of health IT safety annually, beginning in 2012. If progress is not sufficient, HHS should direct the FDA to exercise its authority to regulate health IT."

The panel concludes that studies on how electronic health records and other information technologies affect patient safety are inconclusive. "More worrisome, some case reports suggest that poorly designed health IT can create new hazards in the already complex delivery of care. ... Dosing errors, failure to detect life-threatening illnesses, and delaying treatment due to poor human-computer interactions or loss of data have led to serious injury and death," the panel's report notes.

Recommended Safety Steps

Congress should establish an independent federal entity, similar to the National Transportation Safety Board, to perform investigations of health IT safety and make recommendations to HHS;

HHS should establish a mechanism for vendors and users to report health IT-related deaths, serious injuries or unsafe conditions;

HHS should fund a new Health IT Safety Council within an existing standards organization "that would evaluate criteria for judging the safe use of health IT and the use of health IT to enhance safety." HHS then would use the criteria to improve its assessments.

HHS' Office of the National Coordinator for Health IT, which commissioned the study, should work with the private sector to make comparative health IT user experiences available. "In other industries, public product reviews allow users to rate their experiences with products and share lessons learned," the report states. "A consumer guide for health IT safety could help identify safety concerns, increasing system transparency."

HHS should ensure that vendors support users in "freely exchanging information about health IT experiences and issues, including details related to patient safety." It points out that some vendor contracts, for example, include nondisclosure clauses that "can discourage users from sharing information" as well as limited liability clauses that "can essentially shift liability from the vendor to the users when an adverse event occurs."

The panel says it made these recommendations as a "first stage for action," noting that the private sector "has not taken substantive action on its own." That's why is wants HHS to make annual reports on health IT safety that could trigger FDA regulations if sufficient progress is lacking.

In a new blog, Farzad Mostashari, head the Office of the National Coordinator for Health IT, notes the office commissioned the study "as part of our long-term strategy to make safety efforts a top priority in our support of electronic health record adoption." ONC oversees the HITECH Act's EHR incentive payment program that eventually could provide billions of dollars in payments to physicians and hospitals that make meaningful use of EHRs.

"We are hopeful that today's report will serve to strengthen health IT systems and enable EHRs to make their full contribution toward safer, better quality care for Americans," Mostashari says.

About the Author

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.